nix templates: factor harness-base.nix (shared scaffolding incl. gitconfig)

nix/templates/manager.nix

@@ -1,27 +1,11 @@
 { pkgs, ... }:
 {
-  boot.isNspawnContainer = true;
-
-  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [ "claude-code" ];
-
-  environment.systemPackages = with pkgs; [
-    hyperhive
-    claude-code
-    bashInteractive
-    git
-    coreutils-full
-  ];
-  # claude's Bash tool refuses to run without a POSIX shell + $SHELL set.
-  environment.variables.SHELL = "${pkgs.bashInteractive}/bin/bash";
-
-  environment.etc."gitconfig".text = ''
-    [user]
-      name = hm1nd
-      email = hm1nd@hyperhive
-    [init]
-      defaultBranch = main
-  '';
+  imports = [ ./harness-base.nix ];
 
+  # HIVE_PORT/HIVE_LABEL/gitconfig are also injected by the generated
+  # `applied/hm1nd/flake.nix` (see `lifecycle::setup_applied`); the values
+  # here are the base config so the container stays sensible if anyone
+  # ever evaluates `nixosConfigurations.manager` standalone.
   systemd.services.hive-m1nd = {
     description = "hive-m1nd manager harness";
     wantedBy = [ "multi-user.target" ];
@@ -29,20 +13,16 @@
     environment = {
       HIVE_PORT = "8000";
       HIVE_LABEL = "hm1nd";
+      SHELL = "${pkgs.bashInteractive}/bin/bash";
     };
-    # See note in agent-base.nix — `claude` and a POSIX shell have to be on
-    # the service PATH explicitly for the harness + claude's Bash tool.
     path = [
       pkgs.claude-code
       pkgs.bashInteractive
     ];
-    environment.SHELL = "${pkgs.bashInteractive}/bin/bash";
     serviceConfig = {
       ExecStart = "${pkgs.hyperhive}/bin/hive-m1nd serve";
       Restart = "on-failure";
       RestartSec = 2;
     };
   };
-
-  system.stateVersion = "25.11";
 }